Generally, content on a gaming machine is authenticated prior to authorizing the content for use. For example, authentication typically involves calculating a hash value over the data contents and then using the hash value in conjunction with a digital signature and public key to verify that the contents are valid. This authentication method may take a considerable amount of processing time especially if a large amount of data needs to be authenticated. As a result, the longer boot time for a gaming machine increases the downtime of the gaming machine and, as a consequence, reduces revenue generation.
In many gaming jurisdictions, regulatory requirements mandate that system authentication must be performed by a program running separate from the non-secure media. For gaming machines based on personal computer (PC) architecture, the basic input/output system (BIOS) must reside on the erasable programmable read-only memory (EPROM), and the authentication code executed from the BIOS EPROM. The EPROM is secured and typically is removed and independently verified and authenticated with external devices. However, if the authentication process of the EPROM is compromised, the non-secure media may not be properly authenticated, thereby allowing rogue code to be run on the gaming machine. Accordingly, there is a need to ensure the proper authentication of a secured EPROM.